Dynamic data masking refers to securing data in real time by masking sensitive data as it is accessed, such that sensitive information is not provided to unauthorized recipients. Thus, for example, when a database query is received from an unauthorized or restricted user or application, dynamic data masking may be employed to mask some or all of the data so that sensitive data are not exposed to the requestor. In some dynamic data masking approaches data queries are analyzed and modified to cause data that are retrieved as a result of such queries to be masked. In other approaches rules are defined at the database level that specify specific tables and columns to be masked in anticipation of queries.